Anti-Malware Scan Hierarchy

Configure anti-malware security to provide varying levels of security. Enabling the Advanced Threat Scan Engine in conjunction with Deep Discovery Advisor assists in discovering and preventing targeted attacks by suspected malware threats.

The following table provides an overview of the anti-malware scan engine hierarchy in Deep Edge.

Scan Engine Hierarchy

Scan Engine

Description

Virus Scan Engine scanning

The Virus Scan Engine provides pattern-based and heuristic scanning for traditional malware threats.

ATSE scanning

ATSE enhances the traditional malware threat protection offered by the Virus Scan Engine. ATSE performs an aggressive scan using heuristic algorithms to identify possible targeted attacks, such as document exploits.

For scan configurations that enable ATSE without sending files to Deep Discovery Advisor, Deep Edge performs the action configured for Advanced threat files detected as an advanced threat by ATSE.

Note

Some detected files may be safe. Perform an evaluation on files not sent to Deep Discovery Advisor to determine the actual threat of the quarantined files.

ATSE and Deep Discovery Advisor

After ATSE detects a suspected malware threat, Deep Edge sends the file to Deep Discovery Advisor for further analysis.

Deep Discovery Advisor Virtual Analyzer assesses the risk level of the file in an isolated virtual environment and returns the threat rating to the Deep Edge server. Deep Edge performs the anti-malware policy action based on the configured security for the suspected threats without waiting for the analysis results.

Deep Edge regularly synchronizes malicious IP addresses with Deep Discovery Advisor to match and record IP addresses as C&C contact alerts.

$('#title').html($('meta[name=description]').attr('content'));